Position OverviewSecurity and compliance are vital to protecting the systems that allow us to serve families living with dementia. As our Security Analyst, you are the first line of defense. You will help us configure security monitoring tools, integrate signal data, and build a security monitoring program. If you love looking into the technical details, learning intricate configurations, and watching user patterns, this role is built for you. This is an important effort because it will elevate our security operations towards a path of automation and data-driven monitoring. This role reports directly to the CISO with a focus on mentoring and partnership to further your career opportunities.About Us & What We DoCeresti is on a mission to reduce avoidable hospitalizations and improve care for people living with dementia while improving the lives of their families and caregivers. We envision a world in which family caregivers of people living with dementia are supported and have the knowledge, skills, and confidence to provide the best possible care for their loved ones.Ceresti is a tech-enabled dementia care provider with a differentiated model of care that improves outcomes and delivers guaranteed cost savings by including family caregivers in the care team. We offer health plans and accountable care organizations a turnkey solution for impacting a population that has limited engagement in traditional clinical programs.Our culture is rooted in agility, innovation, and collaboration. We believe that every idea — no matter how small — can spark a meaningful improvement. We work in cross-functional Agile teams that move fast, ship often, and learn together. Together, we create solutions that make a lasting impact on the healthcare ecosystem, enabling more compassionate and cost-effective care for those who need it most.ResponsibilitiesAnalyze, deploy, integrate, and monitor security tools, including connecting sources such as AWS, HubSpot, Canvas, and MacBook endpoints (Mosyle, Bitdefender) into our Huntress SIEM.Review security baselines for configurations to identify gaps, then work with IT to close those gaps (e.g., CIS Benchmark, Vendor Best Practices).Assist in monitoring security controls in support of SOC 2 (and future HITRUST) compliance assessments.Monitor security dashboards, alerts, cyber incidents, and participate in tabletop exercises to improve the detection and response posture.Study user and system behavior to strengthen our security awareness training (KnowBe4) by turning real-world signal into targeted, relevant education for our team.Work closely with the product team (engineering, product management, and quality assurance) to ensure security monitoring is in place throughout the SDLCCreate proofs of concept and develop capabilities using AI to demonstrate what is possible and accelerate the security program.Compile and update runbooks to respond to possible security scenarios.Track assets, users, and files to ensure the security process is followed by our security design and zero trust architecture.Write and maintain simple scripts and utilities to automate routine security checks across the Govern, Identify, Protect, Detect, Respond, and Recover functions.Help track and report key metrics such as average time to detect/respond/contain, false positive rate, failed login rate, patch compliance rate, and vulnerability exposure time.Assist in other capacities around Governance, Risk, and Compliance as needed.QualificationsEducationBS/BA degree or higher in Computer Science, Engineering, Computer Security or a related technical fieldExperience2–4 years in security, IT, or a related technical role. Internships, security certifications (e.g., Security+), home-lab projects, and academic work all count.Experience with SOC2, HITRUST, or HIPAA (or equivalent compliance standards)Familiarity with SIEM and logging concepts; hands-on exposure to Huntress or a similar platform is a plusProven experience being a part of a team and contributing to achieve team goalsExposure to security or IT tools such as AWS, M365 Entra / Purview, Huntress, Mosyle, Bitdefender, KnowBe4, or Snyk — familiarity with several, not all, is fineAwareness of CI/CD pipeline concepts (e.g., Bitbucket Pipelines, GitHub Actions) — a plus, not requiredComfort with, or eagerness to learn, basic scripting (Python, Bash, or Go) to verify data and configuration settingsExperience within healthcare industry highly desiredExperience with security testing in regulated environments, ideally HIPAA / healthcare, and an instinct for protecting PHI is a plusExperience using AI tools (e.g., Co-Pilot, Gemini, Claude) to accelerate security analysis and development of scripts for security system integration/validationClear written and verbal communication, including writing security ticket resolutions and root cause analysis reports, and staying calm and communicating clearly during a security incidentSkillsReliable, persistent and results-orientedEasy to get along with; able to work with a teamMust demonstrate a high level of integrity and ownershipConsistently transparent, courageous and enthusiasticMust be able to pass a background checkJob TypeFull timeLocationThis position is entirely remote. US-based candidates only.What We OfferHealth insuranceOpportunities for professional growth and developmentCollaborative and dynamic work environmentFlexible work arrangements and remote work optionsAccess to cutting-edge technologies and toolsThe chance to do work that directly improves the lives of patients with dementia and the families who love themJoin us to build technology solutions that empower family caregivers and improve patient care outcomes, all while advancing your career in a dynamic, growth-oriented environment.
